1. CVE-Search
  2. CVE-2010-1992
ID CVE-2010-1992
Summary Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
References
Vulnerable Configurations
  • cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
    cpe:2.3:a:google:chrome:1.0.154.48:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 19:58)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2013-08-12T04:00:09.536-04:00
class vulnerability
contributors
  • name Bhavya K
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Google Chrome is installed
oval oval:org.mitre.oval:def:11914
description Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
family windows
id oval:org.mitre.oval:def:11363
status accepted
submitted 2010-08-02T17:16:08
title Denial of service in Google Chrome 1.0.154.48 via an HTML document with many IFRAME elements.
version 51
refmap via4
bugtraq 20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
misc http://websecurity.com.ua/4206/
Last major update 10-10-2018 - 19:58
Published 20-05-2010 - 17:30
Last modified 10-10-2018 - 19:58
Back to Top